Information classifications, i.e., categorizations of information according to varying levels of confidentiality that may be applied to information, are common in a variety of settings, e.g., corporate, government, etc. Different levels of security may be applied to different classifications of documents, that is, different classifications of documents may be made available to different communities of interest. For example, “unclassified” documents may be available to the general public, while “secret” documents may be available only to members of a certain organization, and “top secret” documents may be limited to a subset of members of the organization. Problems in protecting the security of classified documents can arise when documents having different classifications, e.g., unclassified, secret, and top secret, are stored, transmitted, or viewed using an electronic network or networks.
When different levels of security are maintained for electronic documents in a single facility, e.g., unclassified, secret, and top secret, network data paths are often physically separated to prevent the commingling of information, and to prevent persons not belonging to the proper community of interest from accessing classified information. However, in a networked environment, different classifications of information can be commingled or improperly accessed when a device, e.g., a personal computer, a server computer, etc., intended to store or receive a first classification of information, is unplugged from a network dedicated to that first classification of information, and is then plugged into a network dedicated to a second classification of information. Under such a scenario, any information formerly available over the first network may now be available over the second network. Thus, if the first network is a top secret network and the second network is an unclassified network, top secret information could be made available via the unclassified network to persons outside of a top secret community of interest.
In some facilities that use or store information having different classification levels segregated according to distinct physical networks, plugs and connectors of different types are used for the different networks. Further, sometimes network hubs and routers belonging to networks dedicated to different classifications are placed a predetermined distance apart, this distance being greater than the length of cables that are used to connect devices to networks in a facility. For example, network hubs for first and second networks, respectively, may be placed six feet apart, and patch cables of no longer than five feet may be used in a facility. Accordingly, information may be limited to each network based on the networks' physical separation, but if the physical distance between the first and second networks is diminished, an unauthorized network device may be connected to a network and information may be transmitted from the first network to the second network or vice versa.
Thus, use of physical separation provides some protection against inadvertent or intentional improper disclosure of classified information, but such protection is both incomplete and inconvenient. For one thing, it is possible to bring cables supporting different plugs and connectors into a facility. Protections against improper dissemination of classified information can be overcome by use of such cables. Moreover, it is generally inconvenient and expensive to maintain different kinds of cables and connectors in a single facility.
Further, in facilities where a physical distance separating devices belonging to different networks is used to prevent improper dissemination of classified information, it is often too easy to move devices closer to one another, or to obtain longer cables, in order to circumvent the physical separation that prevents improper dissemination of information.